Pagure before 5.6 allows XSS via the templates/blame.html blame view.Referenceshttps://pagure.io/pagure/commits/masterhttps://docs.pagure.org/pagure/changelog.htmlhttps://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html
